Re: [fw-wiz] OT? New compromise.

To:	Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject:	Re: [fw-wiz] OT? New compromise.
From:	"J. Oquendo" <sil@infiltrated.net>
Date:	Wed, 28 Mar 2007 14:24:58 -0400
Cc:	firewall-wizards@listserv.cybertrust.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	fwwizards-list2@consult.net
Delivered-to:	firewall-wizards@listserv.cybertrust.com
In-reply-to:	<1897E92A96C47648A6574CB9A51C64070229BAB8@SEBEV1PW.graybar.com>
List-archive:	<https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help:	<mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id:	Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post:	<mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe:	<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe:	<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
References:	<1897E92A96C47648A6574CB9A51C64070229BAB8@SEBEV1PW.graybar.com>
Reply-to:	Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender:	firewall-wizards-bounces@listserv.icsalabs.com
User-agent:	Thunderbird 1.5.0.10 (Windows/20070221)

To:

Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>

Subject:

Re: [fw-wiz] OT? New compromise.

From:

"J. Oquendo" <sil@infiltrated.net>

Date:

Wed, 28 Mar 2007 14:24:58 -0400

Cc:

firewall-wizards@listserv.cybertrust.com

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

fwwizards-list2@consult.net

Delivered-to:

firewall-wizards@listserv.cybertrust.com

In-reply-to:

<1897E92A96C47648A6574CB9A51C64070229BAB8@SEBEV1PW.graybar.com>

List-archive:

<https://listserv.icsalabs.com/pipermail/firewall-wizards>

List-help:

<mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>

List-id:

Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>

List-post:

<mailto:firewall-wizards@listserv.icsalabs.com>

List-subscribe:

<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>

List-unsubscribe:

<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>

References:

<1897E92A96C47648A6574CB9A51C64070229BAB8@SEBEV1PW.graybar.com>

Reply-to:

Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>

Sender:

firewall-wizards-bounces@listserv.icsalabs.com

User-agent:

Thunderbird 1.5.0.10 (Windows/20070221)

St John, Richard wrote:


Once you determine there might be an issue, I think there used to be a
program called openports which would run on the machine and relate any
LISTENING or ESTABLISHED ports to the actual file that has the port
open. This would then give you the service/process/program waiting for
traffic on that port.

On Windows
/c:\netstat -an |find /i "listening"/

Why download when you can use existing tools...


Others...
#lsof|grep -i listen
#netstat -l|grep "*"
#netstat -a|grep -i listen (for Solaris ... at least 5.10)


--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743

sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [fw-wiz] OT? New compromise., St John, Richard Re: [fw-wiz] OT? New compromise., J. Oquendo <= Re: [fw-wiz] OT? New compromise., Stian Øvrevåge Re: [fw-wiz] OT? New compromise., Jim Seymour Re: [fw-wiz] OT? New compromise., Paul D. Robertson Re: [fw-wiz] OT? New compromise., J. Oquendo Re: [fw-wiz] OT? New compromise., Paul D. Robertson Re: [fw-wiz] OT? New compromise., Victor Williams Re: [fw-wiz] OT? New compromise., Mattias Ahnberg Re: [fw-wiz] OT? New compromise., Mark Re: [fw-wiz] OT? New compromise., Richard Golodner Re: [fw-wiz] OT? New compromise., Mike Barkett

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [fw-wiz] [OT?] Accounting from PIX Logs, Security Guy
Next by Date:	Re: [fw-wiz] firewall-wizards Digest, Vol 11, Issue 22, Mike Barkett
Previous by Thread:	Re: [fw-wiz] OT? New compromise., St John, Richard
Next by Thread:	Re: [fw-wiz] OT? New compromise., Stian Øvrevåge
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [fw-wiz] [OT?] Accounting from PIX Logs, Security Guy

Next by Date:

Re: [fw-wiz] firewall-wizards Digest, Vol 11, Issue 22, Mike Barkett

Previous by Thread:

Re: [fw-wiz] OT? New compromise., St John, Richard

Next by Thread:

Re: [fw-wiz] OT? New compromise., Stian Øvrevåge

Indexes:

[Date] [Thread] [Top] [All Lists]